The recent Symatec report on Internet Security Threats for 2009 showed a marked increase in malicious activities originating from Indian cyberspace. Overall, India ranked 5th in the list of nations contributing to various malicious activity, up from the 2008 rank of 11! It ranked 2nd in the malicious code list and 3rd in spam zombie list.

As stated in the report, one of the (obvious ) reasons for this surge is

Malicious activity tends to increase in countries experiencing rapid growth in broadband infrastructure and connectivity, and the level of malicious activity occurring in India has been increasing steadily over several reporting periods as its broadband infrastructure and user base grows.

and the associated prediction unsurprisingly is

These countries may continue to account for larger percentages within specific categories because their relatively new and growing internet infrastructures could be exposed to increasing levels of malicious activity until security protocols and measures mature enough to counter these activities.

But that is generalising it to a abstraction level that loses much actionable points. Most malicious activity originate from infected machines in the network and the obvious reasons why so many infected machines tend to be in India are:

non-use of anti-virus software: even free anti-virus software are not installed on a lot of machines and even if they are, regular updates are not performed. Reasons range from ignorance to apathy.

non-patched machines: regular updates that are issued against operating systems and software running in it are ignored for reasons like ignorance, lack of bandwidth needed to download the patches and the (misplaced) fear of updating pirated software.

The widespread use of Windows OS and other Microsoft products could be one of the underlying cause from a monoculture view point but within Indian context it is more of economics than anything else. With pirated software available for a fraction of the price of the genuine original and the actual cost of pirate software hidden from view, a lot of consumers end up choosing pirated version over the genuine.

This is as good a case as any to adopt a policy change to migrate from non-free software to free software, not just within the government but also among individuals. Free software does not equate to a bug-free software, far from it, but at the least the piracy and associated infections can be decreased. It goes without saying that this should go hand in hand with educational initiatives to make the public understand the dangers of computer infection.